[SECURITY] Fedora 43 Update: python-ezdxf-1.4.3-3.fc43

This Python package is designed to facilitate the creation and manipulation of DXF documents, with compatibility across various DXF versions. It empowers users to seamlessly load and edit DXF files while preserving all content, except for comments. Any unfamiliar DXF tags encountered in the...

[SECURITY] Fedora 43 Update: gi-loadouts-0.1.10-2.fc43

This is a desktop application that allows travelers to manage their custom equipment of artifacts and weapons for playable characters and makes it convenient for travelers to calculate the associated statistics based on their equipment using the semantic understanding of how the gameplay works...

CVE-2025-66293

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing...

Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application HTA files and PDFs to propagate via WhatsApp a worm that deploys a banking trojan in attacks targeting users in Brazil. The latest wave is...

PT-2025-48996

Name of the Vulnerable Software and Affected Versions libpng versions prior to 1.6.52 Description LIBPNG is a library used for reading, creating, and manipulating PNG raster image files. A flaw exists in libpng's simplified API where processing valid palette PNG images with partial transparency a...

CVE-2025-11780

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated in...

CLSA-2025-1764677738 lasso: Fix of CVE-2025-47151

CVE-2025-47151: fix type confusion vulnerability in the lassonodeimplinitfromxml functionality...

[SECURITY] Fedora 43 Update: libpng-1.6.51-1.fc43

The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

A heap-based buffer overflow vulnerability was discovered in GIMP’s DICOM DCM file parser. The flaw occurs because the application fails to properly validate the length of user-supplied data before copying it to a heap buffer. This can lead to arbitrary code execution when a user opens a speciall...

Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp

Through AI-driven code conversion and a layered infection chain involving different file formats and scripting languages, the threat actors behind Water Saci are quickly upgrading their malware delivery and propagation methods across WhatsApp in Brazil...

gimp: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability

A remote code execution RCE vulnerability exists in GIMP’s FF file parsing functionality. The flaw stems from improper validation of user-supplied data, leading to an integer overflow before buffer allocation. When a user opens a malicious FF image file, the overflow can cause incorrect memory...

CVE-2025-66370

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...

EUVD-2025-199851

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...

CVE-2025-66370

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...

PT-2026-5435

Name of the Vulnerable Software and Affected Versions Salt affected versions not specified Description Salt is susceptible to an authentication protocol version downgrade. A malicious minion can exploit this to bypass newer authentication and security features by utilizing an older request payloa...

CVE-2025-64332

A flaw was found in Suricata. This vulnerability allows a denial of service DoS via SWF Small Web Format decompression...

VulnCheck KEV: CVE-2025-44137

MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web...

K000157990: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2023-41175 A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based...

Suricata 安全漏洞

Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata versions prior to 7.0.13 and prior to 8.0.2, which stems from a stack overflow when SWF decompression is enabled, potentially resulting in a crash...

CVE-2025-59820

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kistgaimport.cpp aka KisTgaImport. Control flow proceeds even when a number of pixels becomes negative...